Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/b771fZdz_MNhiObaQsIwRdjf7Gs.roa
File:                     b771fZdz_MNhiObaQsIwRdjf7Gs.roa (raw, json)
Hash identifier:          o+D5q+mMR9tPd7YAvMxT+oCI4+Bj3WK3M/NrPMAIyl4=
Subject key identifier:   6F:BE:F5:7D:97:73:FC:C3:61:88:E6:DA:42:C2:30:45:D8:DF:EC:6B
Certificate issuer:       /CN=5d8f40b1248de3da5f5d6097f81068293c4beef7
Certificate serial:       0199E725F5A4387173735F23B8751CDD5EF8
Authority key identifier: 5D:8F:40:B1:24:8D:E3:DA:5F:5D:60:97:F8:10:68:29:3C:4B:EE:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XY9AsSSN49pfXWCX-BBoKTxL7vc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/b771fZdz_MNhiObaQsIwRdjf7Gs.roa
Signing time:             Wed 15 Oct 2025 09:14:08 +0000
ROA not before:           Wed 15 Oct 2025 09:14:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204074
IP address blocks:        2001:67c:1b2c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/XY9AsSSN49pfXWCX-BBoKTxL7vc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/XY9AsSSN49pfXWCX-BBoKTxL7vc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XY9AsSSN49pfXWCX-BBoKTxL7vc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e7:25:f5:a4:38:71:73:73:5f:23:b8:75:1c:dd:5e:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d8f40b1248de3da5f5d6097f81068293c4beef7
        Validity
            Not Before: Oct 15 09:14:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fbef57d9773fcc36188e6da42c23045d8dfec6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:56:db:4f:21:2a:f8:b7:b1:6c:d6:dc:82:c2:
                    2a:76:d3:32:0d:8d:b9:a6:52:fe:c0:f9:81:94:51:
                    d2:ad:61:d5:54:89:86:91:42:ad:00:0b:d2:f3:1e:
                    e9:f6:0c:45:e0:77:47:df:23:b1:68:11:5f:33:10:
                    c2:52:96:11:b6:4f:c7:23:33:42:67:6c:49:d3:dd:
                    be:4e:03:1c:b0:e1:49:74:ce:e5:ec:7b:7f:c8:08:
                    ce:d3:11:73:ad:a4:0a:27:84:b7:4a:1a:65:c8:cb:
                    e8:ac:82:72:00:18:2e:d3:2f:7a:d6:33:bc:f1:45:
                    e8:33:66:bc:19:d6:5a:04:16:e8:23:e8:b3:c7:5f:
                    b7:91:69:c3:18:6c:46:bd:2c:da:66:36:b3:e6:19:
                    ac:87:63:06:b3:0a:28:35:c4:2b:3c:c4:2a:1e:b2:
                    d6:1f:47:2f:78:68:c6:01:d0:fd:0b:96:4c:8c:f1:
                    fd:c6:84:72:41:21:49:df:de:97:0a:40:f3:ba:c8:
                    8f:fc:5c:f8:5f:ef:80:66:a2:00:d1:11:3d:d1:2b:
                    3a:46:67:28:80:f3:24:ab:3b:a3:79:0b:6c:e4:b3:
                    4e:25:a2:b9:09:9c:45:8b:d2:d3:cc:fe:87:17:29:
                    54:0d:60:1a:99:ce:68:ee:78:c2:b8:09:88:f7:b7:
                    eb:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:BE:F5:7D:97:73:FC:C3:61:88:E6:DA:42:C2:30:45:D8:DF:EC:6B
            X509v3 Authority Key Identifier:
                keyid:5D:8F:40:B1:24:8D:E3:DA:5F:5D:60:97:F8:10:68:29:3C:4B:EE:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XY9AsSSN49pfXWCX-BBoKTxL7vc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/b771fZdz_MNhiObaQsIwRdjf7Gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/10fea8-4f9c-42e2-b041-bd65fed67dc6/1/XY9AsSSN49pfXWCX-BBoKTxL7vc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1b2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:63:2a:cc:16:17:71:00:07:80:5a:c0:f9:ae:87:54:92:75:
         33:37:b5:74:fc:0e:2f:c2:11:46:42:9d:55:c3:83:65:06:c2:
         cb:a3:89:2c:d8:d4:2b:08:23:31:5d:d9:cb:67:5e:78:56:14:
         72:8b:66:b4:ee:ee:ee:6b:ac:28:9a:e0:28:23:38:88:f3:56:
         03:ac:98:c8:f3:bb:56:0f:5f:9e:65:3b:c1:99:03:d1:aa:cc:
         22:da:6b:33:e5:fb:d1:e7:30:f1:63:b3:76:ca:01:13:5b:3d:
         1c:11:37:3e:f9:01:71:90:15:47:84:1a:27:05:46:37:1e:38:
         83:77:77:be:7a:c2:a9:cb:68:2a:fd:a2:ee:53:50:e0:79:c1:
         3a:bc:3c:e8:e8:a3:21:6c:8c:4d:27:53:1a:d6:58:57:d2:14:
         7b:ce:aa:17:6a:83:ec:22:ab:ca:df:d4:96:27:28:1f:d7:c3:
         6a:bc:25:43:90:76:f2:5c:7e:00:17:36:11:10:3f:e6:61:42:
         df:4c:68:14:1f:87:05:c9:58:63:d8:50:82:b9:b0:7f:cf:44:
         5d:44:a7:a1:ef:3c:70:b0:44:d0:fb:9d:cb:16:92:e8:89:be:
         21:50:3d:81:39:cc:17:37:fc:79:f1:11:76:6b:07:9f:62:e9:
         0b:d7:0a:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZnnJfWkOHFzc18juHUc3V74MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkOGY0MGIxMjQ4ZGUzZGE1ZjVkNjA5N2Y4MTA2ODI5M2M0
YmVlZjcwHhcNMjUxMDE1MDkxNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmJlZjU3ZDk3NzNmY2MzNjE4OGU2ZGE0MmMyMzA0NWQ4ZGZlYzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VbbTyEq+LexbNbcgsIqdtMyDY25
plL+wPmBlFHSrWHVVImGkUKtAAvS8x7p9gxF4HdH3yOxaBFfMxDCUpYRtk/HIzNC
Z2xJ092+TgMcsOFJdM7l7Ht/yAjO0xFzraQKJ4S3ShplyMvorIJyABgu0y961jO8
8UXoM2a8GdZaBBboI+izx1+3kWnDGGxGvSzaZjaz5hmsh2MGswooNcQrPMQqHrLW
H0cveGjGAdD9C5ZMjPH9xoRyQSFJ396XCkDzusiP/Fz4X++AZqIA0RE90Ss6Rmco
gPMkqzujeQts5LNOJaK5CZxFi9LTzP6HFylUDWAamc5o7njCuAmI97frzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG++9X2Xc/zDYYjm2kLCMEXY3+xrMB8GA1UdIwQY
MBaAFF2PQLEkjePaX11gl/gQaCk8S+73MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFk5QXNTU040OXBmWFdDWC1CQm9LVHhMN3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8xMGZlYTgtNGY5Yy00MmUyLWIwNDEt
YmQ2NWZlZDY3ZGM2LzEvYjc3MWZaZHpfTU5oaU9iYVFzSXdSZGpmN0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8xMGZlYTgtNGY5Yy00MmUyLWIwNDEtYmQ2NWZlZDY3ZGM2
LzEvWFk5QXNTU040OXBmWFdDWC1CQm9LVHhMN3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBss
MA0GCSqGSIb3DQEBCwUAA4IBAQBAYyrMFhdxAAeAWsD5rodUknUzN7V0/A4vwhFG
Qp1Vw4NlBsLLo4ks2NQrCCMxXdnLZ154VhRyi2a07u7ua6womuAoIziI81YDrJjI
87tWD1+eZTvBmQPRqswi2msz5fvR5zDxY7N2ygETWz0cETc++QFxkBVHhBonBUY3
HjiDd3e+esKpy2gq/aLuU1DgecE6vDzo6KMhbIxNJ1Ma1lhX0hR7zqoXaoPsIqvK
39SWJygf18NqvCVDkHbyXH4AFzYRED/mYULfTGgUH4cFyVhj2FCCubB/z0RdRKeh
7zxwsETQ+53LFpLoib4hUD2BOcwXN/x58RF2awefYukL1wrd
-----END CERTIFICATE-----